Microsoft Azure and Microsoft 365 security - my defense in depth strategy

%3CLINGO-SUB%20id%3D%22lingo-sub-2237911%22%20slang%3D%22en-US%22%3EMicrosoft%20Azure%20and%20Microsoft%20365%20security%20-%20my%20defense%20in%20depth%20strategy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2237911%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDear%20Microsoft%20Azure%20and%20Microsoft%20365%20security%20friends%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWho%20is%20interested%20in%20my%20(small)%20company%3F%20We%20don't%20have%20anything%20to%20protect%20and%20we%20don't%20have%20any%20money.%20Besides%2C%20we%20have%20a%20firewall.%20Furthermore%2C%20Mr.%20Wechsler%2C%20you%20are%20a%20bit%20paranoid%20with%20your%20security%20thinking.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThese%20are%20the%20first%20sentences%20I%20always%20hear%20when%20it%20comes%20to%20IT%20(Cloud)%20security.%20But%20the%20attacker%20is%20also%20interested%20in%20a%20small%20company%20and%20that%20is%20to%20use%20their%20system%20as%20a%20bot.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt's%20not%20always%20about%20money%20and%20data.%20What%20about%20the%20reputation%20a%20company%20has%20to%20lose%3F%20It%20takes%20years%20to%20build%20a%20good%20reputation%20but%20only%20one%20event%20to%20damage%20the%20reputation.%20What%20about%20the%20employees%2C%20the%20trust%20in%20the%20company%3F%20Do%20you%20want%20to%20put%20this%20at%20risk%20as%20a%20company%2C%20I%20don't%20think%20so!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes!%20Extended%20protection%20mechanisms%20always%20cost%20extra%2C%20I%20am%20absolutely%20aware%20of%20that.%20But%20I%20also%20pay%20monthly%20for%20car%20insurance%20and%20accident%20and%20health%20insurance.%20I'm%20grateful%20every%20day%20when%20I%20don't%20need%20the%20insurance.%20That's%20exactly%20how%20it%20should%20feel%20when%20it%20comes%20to%20IT%20(cloud)%20security.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELet's%20start%20with%20my%20IT%2FCloud%20security%20strategy.%20I%20am%20absolutely%20aware%20that%20this%20list%20is%20not%20exhaustive.%20There%20are%20so%20many%20components%20to%20consider%2C%20plus%20every%20infrastructure%2Fcompany%20is%20always%20different.%20I'll%20try%20to%20give%20you%20a%20little%20help%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20start%20with%20Microsoft%20365%2C%20as%20a%20first%20additional%20measure%2C%20use%20all%20policies%20that%20start%20with%20%22Anti-%22.%20You%20can%20find%20all%20the%20information%20in%20the%20Microsoft%20365%20Security%20Center.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsecurity.microsoft.com%2Fthreatpolicy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecurity.microsoft.com%2Fthreatpolicy%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20next%20step%20is%20to%20use%20the%20policies%20that%20start%20with%20%22Safe%22.%20You%20can%20also%20find%20this%20information%20in%20the%20Microsoft%20365%20Security%20Center.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Bild_1.JPG%22%20style%3D%22width%3A%20200px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267473i85FDBFAC039F3969%2Fimage-size%2Fsmall%3Fv%3Dv2%26amp%3Bpx%3D200%22%20role%3D%22button%22%20title%3D%22Bild_1.JPG%22%20alt%3D%22Bild_1.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EMulti%20factor%20authentication%20is%20a%20key%20element%20to%20further%20protect%20your%20identities%2Fusers.%20You%20can%20set%20this%20up%20per%20user%20or%20with%20a%20Conditional%20Access%20Policy%20(my%20preferred%20way).%20Azure%20Active%20Directory%20helps%20you%20integrate%20this%20protection.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fportal.azure.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fportal.azure.com%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Bild_2.JPG%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267474iAC0A0708DD72D11F%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Bild_2.JPG%22%20alt%3D%22Bild_2.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20are%20subject%20to%20a%20regulatory%20agency%2C%20the%20Microsoft%20365%20Compliance%20Center%20can%20help.%26nbsp%3BHere%20you%20can%20set%20up%20data%20loss%20prevention%20policies%2C%20audits%2C%20eDiscovery%20and%20much%20more.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fcompliance.microsoft.com%2Fhomepage%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcompliance.microsoft.com%2Fhomepage%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Bild_3.JPG%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267475iA6C07FDD49F19C8F%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Bild_3.JPG%22%20alt%3D%22Bild_3.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20this%20day%20and%20age%20of%20bring%20your%20own%20device%20and%20work%20from%20home%2C%20it's%20a%20good%20idea%20to%20include%20the%20Endpoint%20Manager.%20With%20it%20you%20have%20the%20possibility%20to%20manage%20endpoints%20(Mobile%20Device%20Management%20-%20MDM)%20and%20applications%20(Mobile%20Application%20Management%20-%20MAM).%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fendpoint.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fendpoint.microsoft.com%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGet%20visibility%20into%20your%20cloud%20apps%20using%20sophisticated%20analytics%20to%20identify%20and%20protect%20against%20cyberthreats%2C%20detect%20Shadow%20IT%2C%20and%20control%20how%20your%20data%20travels.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fportal.cloudappsecurity.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fportal.cloudappsecurity.com%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Bild_4.JPG%22%20style%3D%22width%3A%20229px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267476iC29285CABD339330%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Bild_4.JPG%22%20alt%3D%22Bild_4.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EThe%20Cloudapp%20Security%20Portal%20provides%20you%20with%20the%20best%20possible%20support.%20Here%20you%20can%20allow%20or%20sanction%20cloud%20app%2C%20configure%20anti-ransomware%20policies%2C%20data%20loss%20prevention%20policies%20and%20much%20more.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20want%20to%20know%20how%20your%20Windows%20Active%20Directory%20is%20doing%3F%20Then%20Microsoft%20Defender%20for%20Identity%20will%20help%20you.%20With%20this%20tool%20you%20can%20transfer%20the%20local%20information%20to%20the%20cloud.%20With%20an%20interface%20to%20the%20CloudApp%20Security%20Portal.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fyourtenant.atp.azure.com%2Ftimeline%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fyourtenant.atp.azure.com%2Ftimeline%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Bild_5.JPG%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267477iC18F51A69D249CB4%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Bild_5.JPG%22%20alt%3D%22Bild_5.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENo%20person%20should%20always%20work%20with%20elevated%20rights.%20Only%20work%20with%20elevated%20rights%20when%20it%20is%20really%20necessary.%20This%20is%20where%20Azure%20Privileged%20Identity%20Management%20(PIM)%20comes%20in.%20With%20this%20tool%20you%20can%20configure%20the%20access%20as%20you%20need%20it%20for%20your%20needs.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fportal.azure.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fportal.azure.com%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Bild_6.JPG%22%20style%3D%22width%3A%20367px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267478i9AB44DEFCDAFCF0B%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Bild_6.JPG%22%20alt%3D%22Bild_6.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EWith%20Azure%20Identity%20Protection%20do%20you%20have%20a%20tool%20that%20allows%20organizations%20to%20accomplish%20three%20key%20tasks%3A%3C%2FP%3E%3CP%3E1.%20Automate%20the%20detection%20and%20remediation%20of%20identity-based%20risks.%3CBR%20%2F%3E2.%20Investigate%20risks%20using%20data%20in%20the%20portal.%3CBR%20%2F%3E3.%20Export%20risk%20detection%20data%20to%20third-party%20utilities%20for%20further%20analysis.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fportal.azure.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fportal.azure.com%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Bild_7.JPG%22%20style%3D%22width%3A%20251px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267479i5D799A9342CD90AB%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Bild_7.JPG%22%20alt%3D%22Bild_7.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EJust%20in%20time%20access%20for%20administrators%2C%20this%20is%20also%20possible%20for%20virtual%20machines%20with%20Just%20in%20time%20VM%20Access.%20In%20Azure%20Security%20Center%20you%20can%20configure%20this%20feature%20(and%20much%20more).%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Bild_8.JPG%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267480i679C32847199430A%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Bild_8.JPG%22%20alt%3D%22Bild_8.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EAzure%20Sentinel%20helps%20you%20keep%20track%20of%20the%20health%20of%20your%20organization.%20A%20SIEM%20(Security%20Information%20and%20Event%20Management)%20and%20SOAR%20(Security%20Orchestration%20Automation%20and%20Response)%20tool%20that%20should%20not%20be%20missing%20from%20your%20portfolio.%20The%20tool%20offers%20many%20connectors%20(98%20at%20the%20moment)%20so%20that%20you%20can%20connect%20the%20most%20diverse%20portals%20to%20Sentinel.%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Bild_9.JPG%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267481i59519DC1DB267EFE%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Bild_9.JPG%22%20alt%3D%22Bild_9.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20is%20still%20so%20much%20to%20show%2C%20I%20wasn't%20talking%20about%20Role%20Based%20Access%20Control%20(RBAC)%20now%20or%20Network%20Security%20Group%20(NSG)%2C%20etc.%20I%20know%20some%20of%20you%20are%20thinking%2C%20hey%20there%20is%20a%20lot%20more.%20I%20am%20aware%20of%20that.%20My%20goal%20is%20to%20give%20you%20some%20positive%20signals%20on%20how%20you%20can%20integrate%20additional%20security%20into%20your%20organization.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20and%20kind%20regards%2C%20Tom%20Wechsler%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2334194%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Azure%20and%20Microsoft%20365%20security%20-%20my%20defense%20in%20depth%20strategy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2334194%22%20slang%3D%22en-US%22%3EThis%20is%20good%20Tom.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2335014%22%20slang%3D%22en-US%22%3ERe%3A%20Microsoft%20Azure%20and%20Microsoft%20365%20security%20-%20my%20defense%20in%20depth%20strategy%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2335014%22%20slang%3D%22en-US%22%3EThanks!%3C%2FLINGO-BODY%3E
MVP

 

Dear Microsoft Azure and Microsoft 365 security friends,

 

Who is interested in my (small) company? We don't have anything to protect and we don't have any money. Besides, we have a firewall. Furthermore, Mr. Wechsler, you are a bit paranoid with your security thinking.

 

These are the first sentences I always hear when it comes to IT (Cloud) security. But the attacker is also interested in a small company and that is to use their system as a bot.

 

It's not always about money and data. What about the reputation a company has to lose? It takes years to build a good reputation but only one event to damage the reputation. What about the employees, the trust in the company? Do you want to put this at risk as a company, I don't think so!

 

Yes! Extended protection mechanisms always cost extra, I am absolutely aware of that. But I also pay monthly for car insurance and accident and health insurance. I'm grateful every day when I don't need the insurance. That's exactly how it should feel when it comes to IT (cloud) security.

 

Let's start with my IT/Cloud security strategy. I am absolutely aware that this list is not exhaustive. There are so many components to consider, plus every infrastructure/company is always different. I'll try to give you a little help here.

 

We start with Microsoft 365, as a first additional measure, use all policies that start with "Anti-". You can find all the information in the Microsoft 365 Security Center.
https://security.microsoft.com/threatpolicy

 

The next step is to use the policies that start with "Safe". You can also find this information in the Microsoft 365 Security Center.

Bild_1.JPG

Multi factor authentication is a key element to further protect your identities/users. You can set this up per user or with a Conditional Access Policy (my preferred way). Azure Active Directory helps you integrate this protection.
https://portal.azure.com

 

Bild_2.JPG

 

If you are subject to a regulatory agency, the Microsoft 365 Compliance Center can help. Here you can set up data loss prevention policies, audits, eDiscovery and much more.
https://compliance.microsoft.com/homepage

 

Bild_3.JPG

 

In this day and age of bring your own device and work from home, it's a good idea to include the Endpoint Manager. With it you have the possibility to manage endpoints (Mobile Device Management - MDM) and applications (Mobile Application Management - MAM).
https://endpoint.microsoft.com/

 

Get visibility into your cloud apps using sophisticated analytics to identify and protect against cyberthreats, detect Shadow IT, and control how your data travels.
https://portal.cloudappsecurity.com/

 

Bild_4.JPG

The Cloudapp Security Portal provides you with the best possible support. Here you can allow or sanction cloud app, configure anti-ransomware policies, data loss prevention policies and much more.

 

Do you want to know how your Windows Active Directory is doing? Then Microsoft Defender for Identity will help you. With this tool you can transfer the local information to the cloud. With an interface to the CloudApp Security Portal.
https://yourtenant.atp.azure.com/timeline

 

Bild_5.JPG

 

No person should always work with elevated rights. Only work with elevated rights when it is really necessary. This is where Azure Privileged Identity Management (PIM) comes in. With this tool you can configure the access as you need it for your needs.
https://portal.azure.com

 

Bild_6.JPG

With Azure Identity Protection do you have a tool that allows organizations to accomplish three key tasks:

1. Automate the detection and remediation of identity-based risks.
2. Investigate risks using data in the portal.
3. Export risk detection data to third-party utilities for further analysis.
https://portal.azure.com

 

Bild_7.JPG

 

Just in time access for administrators, this is also possible for virtual machines with Just in time VM Access. In Azure Security Center you can configure this feature (and much more).

Bild_8.JPG

Azure Sentinel helps you keep track of the health of your organization. A SIEM (Security Information and Event Management) and SOAR (Security Orchestration Automation and Response) tool that should not be missing from your portfolio. The tool offers many connectors (98 at the moment) so that you can connect the most diverse portals to Sentinel.

Bild_9.JPG

 

There is still so much to show, I wasn't talking about Role Based Access Control (RBAC) now or Network Security Group (NSG), etc. I know some of you are thinking, hey there is a lot more. I am aware of that. My goal is to give you some positive signals on how you can integrate additional security into your organization.

 

Thank you and kind regards, Tom Wechsler

 

2 Replies